Data sharing in the modern NHS

The NHS generates a high volume of data from patient care records and various other sources. This data is used primarily for direct patient care. However the data can also be shared and used for other purposes such as research by public or private sector organisations or for planning and commissioning NHS services. It is important that when data is shared with these organisations, it is done in a way that is efficient, well defined and not open to interpretation.

NHS Digital’s chief executive, Sarah Wilkinson, has recently called for an update to the NHS data sharing and information governance rules following the coronavirus pandemic, calling the current set of rules overly complicated and imprecise, leaving it open to multiple interpretations.

Data sharing laws have been relaxed through a control of patient information notice (“COPI notice”) issued by the Department of Health and Social Care in response to the pandemic, to enable the sharing of patient records across GP practices and other health agencies. This notice will only remain in place during the pandemic, after which the previous, stricter laws are likely to come back into force as a result of the COPI notice being designed specifically for use in public health crises.

Pre-pandemic Data Sharing

Sarah Wilkinson has stated that the current, pre-pandemic legislation is very labyrinthine and that makes it difficult to have a clear dialogue with a broad cross-section of people within the health and care system.

A lot of the data sharing the NHS is doing during the pandemic is under the COPI notices. When the pandemic ends, the ability to use the COPI notice will no longer be available and the NHS will have to rely on the pre-pandemic system of information governance. 

There are two main issues with the existing data sharing information governance within the NHS. Firstly, the legislation and information governance rules surrounding the sharing of patient data are highly complex and often misunderstood, resulting in many aspects of data sharing agreements being left open to interpretation. Secondly, there exists a lack of public trust in the way in which the NHS uses and shares patient data. The combination of these two factors makes it difficult to efficiently share data across the health system.

New Legislation

It is important that the NHS is able to share patient data efficiently across various health agencies in order to improve individual patient care through the sharing of patient records and also to improve health and care services for all patients, through planning of public health services and research into the treatment of illnesses.

Matthew Gould, the chief executive of NHSX – the joint NHS and Government tech unit, has said that it is important to ensure that information governance is not used as a barrier to sharing data safely and appropriately. As a result, NHSX has recently launched an information governance portal to advise staff on making decisions. The aim of this portal is to provide easy to follow guidance that will help staff in improving patient care.

The Department of Health and Social Care has also said that it will publish a data strategy for health and care later this year, which will set out how data can be used to improve patient care and outcomes while continuing to protect the absolute need for patient confidentiality.

It remains to be seen how effective any such guidance or strategy will be. Perhaps now is the time to start considering new legislation that will allow more efficient, broader collaboration across the various health agencies within the NHS through a simplification of the complex rules that are currently in place to minimise instances of interpretation while retaining a tightly controlled data sharing system that maintains public trust within the NHS.

We regularly advise NHS bodies on all aspects of data sharing and data processing agreements and are available to help with any queries that you may have.